TL;DR: VPNs encrypt iPhone traffic and can support remote access, but they do not stop phishing, stolen credentials, device malware, or outages that block work, according to Imprivata. For enterprise mobility, VPNs are a transport control, not an identity control, so security teams need layered access management around device state, user identity, and session governance.
NHIMG editorial — based on content published by Imprivata: a guide to enabling VPN on a business iPhone and evaluating enterprise mobility alternatives
Questions worth separating out
Q: What is the main weakness of relying on VPNs for mobile access?
A: The main weakness is that a VPN protects the connection, not the full trust decision.
Q: When should organisations use something other than a VPN for mobile work?
A: Organisations should move beyond VPN-only access when users need application-specific reach, when devices are shared, or when sensitive systems require stronger entitlement control.
Q: How do shared devices change mobile access governance?
A: Shared devices create a handoff problem.
Practitioner guidance
- Separate transport security from entitlement decisions: Use the VPN to protect traffic in transit, but make identity, device compliance, and application authorization the real access gates for corporate resources.
- Apply layered controls to shared mobile devices: For pooled iPhones, require MFA, MDM enforcement, and session controls that re-evaluate access when the device changes hands.
- Limit mobile reach with application-scoped access: Prefer ZTNA or app-specific access paths over broad network access so users reach only the resources they need for the task.
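The three points above can be read as one access decision evaluated per request. The sketch below is an added example, not code from Imprivata or NHIMG; the field names, the entitlement map, and the sample users are assumptions constructed for illustration.

```python
from dataclasses import dataclass

# Constructed entitlement map (assumption): user -> applications they may reach.
ENTITLEMENTS = {"nurse.a": {"ehr"}, "nurse.b": {"ehr", "pharmacy"}}

@dataclass
class Session:
    user: str            # identity that authenticated this session
    mfa_passed: bool     # MFA completed when the session started
    device_holder: str   # user currently checked out on the shared iPhone

@dataclass
class Device:
    vpn_up: bool         # tunnel established (transport only)
    mdm_compliant: bool  # MDM reports the device as compliant

def decide(session: Session, device: Device, app: str) -> tuple[bool, str]:
    """Return (allowed, reason). Every gate must pass; the VPN is only one of them."""
    if not device.vpn_up:
        return False, "no protected transport"
    if not device.mdm_compliant:
        return False, "device not MDM-compliant"
    if not session.mfa_passed:
        return False, "MFA not satisfied"
    # Shared-device handoff: the session is only valid for the user who opened it.
    if session.device_holder != session.user:
        return False, "device changed hands; re-authenticate"
    # Application-scoped access: reach is per app, not per network.
    if app not in ENTITLEMENTS.get(session.user, set()):
        return False, "user not entitled to this application"
    return True, "allowed"

if __name__ == "__main__":
    dev = Device(vpn_up=True, mdm_compliant=True)
    cases = [
        (Session("nurse.a", True, "nurse.a"), "ehr"),       # all gates pass
        (Session("nurse.a", False, "nurse.a"), "ehr"),      # password only, VPN up
        (Session("nurse.a", True, "nurse.b"), "ehr"),       # handoff, stale session
        (Session("nurse.a", True, "nurse.a"), "pharmacy"),  # outside entitlement
    ]
    for sess, app in cases:
        print(sess.user, app, decide(sess, dev, app))
```

In every denied case the tunnel is up, which is the point: the VPN state is a precondition, and the decision is made by the identity, device, handoff, and entitlement checks.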
What's in the full article
Imprivata's full article covers the operational detail this post intentionally leaves for the source:
- Step-by-step iPhone VPN setup instructions for different VPN types and configuration fields.
- Practical troubleshooting checks for confirming that the VPN connection is active and routing traffic correctly.
- A closer comparison of VPN limitations versus ZTNA, SSO, MDM, and PAM for enterprise mobility.
- Guidance for shared-device environments where multiple users rely on the same business iPhone.
VPN on a business iPhone: are your access controls enough?
Explore further
VPN-only thinking is a transport assumption, not an access model. A VPN can encrypt traffic, but the article shows that encryption does not equal trustworthy access. Enterprise mobility fails when teams confuse protected transport with controlled entitlement, because the real decision is whether the user, device, and session should be trusted at all. Practitioners should stop treating the tunnel as the control boundary.
A few things that frame the scale:
- 1 in 4 organisations are already investing in dedicated NHI security capabilities, with an additional 60% planning to do so within the next twelve months, according to The State of Non-Human Identity Security.
- Only 1.5 out of 10 organisations are highly confident in their ability to secure NHIs, compared to nearly 1 in 4 for securing human identities.
A question worth separating out:
Q: Should a VPN ever be the only security control for business iPhones?
A: No. A VPN can be part of the stack, but it should never be the only control because it cannot prevent phishing, stolen credentials, malware already on the device, or overbroad access once connected. Businesses need layered controls that combine identity, device, and privilege governance.